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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 

All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed in due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1 . This communication is responsive to 5/7/2008 . 

2. The allowed claim(s) is/are 1-23,26-51 and 54-77 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 

a) □ All b)DSome* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE. 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 
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Paper No./Mail Date . 
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each sheet. Replacement sheet(s) should be labeled as such in the header according to 37 CFR 1.121(d). 
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DETAILED ACTION 

1 . This action is in response to amendment filed on 5/7/2008. 

2. The rejection under 35 U.S.C. 101 to claims 73-77 is withdrawn in view of 
applicants' amendment. 

3. The rejection under 35 U.S.C. 102 (e) as being anticipated by Rioux, USPN 
7,051,322 B2 to Claims 1-4, 27-32, and 55-58 is withdrawn in view of applicants' 
amendment. 

4. The rejection under 35 U.S.C. 103 (a) as being unpatentable over Rioux, USPN 
7,051,322 B2, in view of Berg et al., USPUB 2005/0010806 Al to claims 5-26, 33-54, 
and 59-77 is withdrawn in view of applicants' amendment. 

5. Claims 1, 29, 57, 63, 68, and 73 have been amended (see Examiner's Amendment 
below). 

6. Claims 24-25, and 52-53 have been canceled (see Examiner's Amendment 
below). 

7. Claims 1-23, 26-5 1, and 54-77 are pending. 

8. Claims 1-23, 26-5 1, and 54-77 are allowing. 

EXAMINER 'S AMENDMENT 

9. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided by 
37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no 
later than the payment of the issue fee. 
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Authorization for this examiner's amendment was given in a telephone interview 
with Jeffrey R. Sadlowski (Reg. No. 47,914) on 7/29/2008 to place the application in 
condition for allowance. 

The application has been amended as follows: 
In the Claims: 

Claims 24-25, and 52-53 have been canceled. 

Claims 1, 29, 57, 63, 68, and 73 have been amended as following: 

1 . (Currently Amended) A method comprising: 

receiving into an execution environment input component code and a runtime 
security policy, wherein the runtime security policy comprises an assignment of rights to 
the input component code and security checks performed as the input component code is 
loaded; and 

generating a call graph of call paths through the input component code simulated 
in combination with at least one symbolic component representing additional arbitrary 
code that complies with the runtime security policy , wherein the generating operation 
comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; 
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evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy; 

generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; and 

conditionally generating at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation . 

29. (Currently Amended) A computer program storage medium encoding a computer 
program for executing on a computer system a computer process, the computer process 
comprising: 

receiving into an execution environment input component code and a runtime 
security policy, wherein the runtime security policy comprises an assignment of rights to 
the input component code and security checks performed as the input component code is 
loaded; and 

generating a call graph of call paths through the input component code simulated 
in combination with at least one symbolic component representing additional arbitrary 
code that complies with the runtime security polic y, wherein the generating operation 
comprises: 
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generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; 

evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy; 

generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; and 

conditionally generating at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation . 

57. (Currently Amended) A system comprising: 
a processor comprising a processing unit; 

a call graph generator executing on the processing unit that receives into an 
execution environment input component code and a runtime security policy and generates 
a call graph of call paths through the input component code simulated in combination 
with at least one symbolic component that represents additional arbitrary code that 
complies with the runtime security policy, wherein the runtime security policy comprises 
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an assignment of rights to the input component code and security checks performed as the 
input component code is loaded , wherein the call graph generator further: 

generates a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generates at least one constraint associated with a virtual call in the input 
component code; 

evaluates the at least one constraint by a symbolic computation on potential target 
classes for the virtual call in the generated class hierarchy; 

generates at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluates the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; and 

conditionally generates at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation . 

63. (Currently Amended) A method comprising: 

analyzing relative to at least one query a call graph of call paths through input 
component code simulated in combination with at least one symbolic component 
representing additional arbitrary code that complies with a runtime security policy, 
wherein the runtime security policy comprises an assignment of rights to the input 



Application/Control Number: 10/656,654 



Page 7 



Art Unit: 2191 

component code and security checks performed as the input component code is loaded.! 
wherein the analyzing operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; 

evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy; 

generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert ; and 



identifying a subset of the call paths in the call graph that satisfy the query. 

68. (Currently Amended) A computer program storage medium encoding a computer 
program for executing on a computer system a computer process, the computer process 
comprising: 

analyzing relative to at least one query a call graph of call paths through input 
component code simulated in combination with at least one symbolic component 
representing additional arbitrary code that complies with a runtime security policy, 
wherein the runtime security policy comprises an assignment of rights to the input 
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component code and security checks performed as the input component code is loaded.! 
wherein the analyzing operation comprises: 

generating a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generating at least one constraint associated with a virtual call in the input 
component code; 

evaluating the at least one constraint by a symbolic computation on potential 
target classes for the virtual call in the generated class hierarchy; 

generating at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluating the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; 

conditionally generating at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation ; and 

identifying a subset of the call paths in the call graph that satisfy the query. 

73. (Currently Amended) A system comprising: 
a processing unit and a memory; 

a call graph analyzer executing on the processing unit, the call graph analyzer 
analyzing relative to at least one query a call graph of call paths through input component 
code simulated in combination with at least one symbolic component representing 
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additional arbitrary code that complies with a runtime security policy, wherein the 
runtime security policy comprises an assignment of rights to the input component code 
and security checks performed as the input component code is loaded , wherein the call 
graph analyzer further: 

generates a class hierarchy that contains classes of the input component code and 
symbolic classes that represent classes of the arbitrary code; 

generates at least one constraint associated with a virtual call in the input 
component code; 

evaluates the at least one constraint by a symbolic computation on potential target 
classes for the virtual call in the generated class hierarchy; 

generates at least one constraint associated with either a security demand or a 
security assert in the input component code; 

evaluates the at least one constraint by a symbolic computation on dynamic 
permissions of the input component code and on a parameter permission of the security 
demand or the security assert; 

conditionally generates at least one additional constraint associated with one or 
more instructions located in the input component code after the security demand or assert, 
responsive to the evaluating operation , and 

identifying a subset of the call paths in the call graph that satisfy the query. 



-END- 
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REASONS FOR ALLOWANCE 

10. The following is an examiner's statement of reasons for allowance: 

The cited prior art taken alone or in combination fail to teach, in combination with 
the other claimed limitations, generating a class hierarchy that contains classes of the 
input component code and symbolic classes that represent classes of the arbitrary code; 
generating at least one constraint associated with a virtual call in the input component 
code; evaluating the at least one constraint by a symbolic computation on potential target 
classes for the virtual call in the generated class hierarchy; generating at least one 
constraint associated with cither a security demand or a security assert in the input 
component code; evaluating the at least one constraint by a symbolic computation on 
dynamic permissions of the input component code and on a parameter permission of the 
security demand or the security assert; and conditionally generating at least one 
additional constraint associated with one or more instructions located in the input 
component code after the security demand or assert, responsive to the evaluating 
operation as recited in independent claims 1, 29, 51, 63, 68, and 73. 

The closest cited prior art, the combination of Rioux, USPN 7,051,322 B2 
(Rioux), and Berg et al, USPUB 2005/0010806 Al (Berg), teaches a method provides an 
analysis tool for reviewing security of trusted software components during development. 
However, the combination of Rioux and Berg fails to teach generating a class hierarchy 
that contains classes of the input component code and symbolic classes that represent 
classes of the arbitrary code; generating at least one constraint associated with a virtual 
call in the input component code; evaluating the at least one constraint by a symbolic 
computation on potential target classes for the virtual call in the generated class 



Application/Control Number: 1 0/656,654 Page 1 1 

Art Unit: 2191 

hierarchy; generating at least one constraint associated with either a security demand or a 
security assert in the input component code; evaluating the at least one constraint by a 
symbolic computation on dynamic permissions of the input component code and on a 
parameter permission of the security demand or the security assert; and conditionally 
generating at least one additional constraint associated with one or more instructions 
located in the input component code after the security demand or assert, responsive to the 
evaluating operation as recited in independent claims 1, 29, 51, 63, 68, and 73, also as 
pointed out in applicants' Remarks, page 19, paragraph 5. 

These claimed limitations are not present in the prior art of record and would not 
have been obvious, thus all pending claims 1 -23, 26-5 1 , and 54-77 are allowed. 

Any comments considered necessary by applicant must be submitted no later than 
the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Anna Deng whose telephone number is 571-272-5989. 
The examiner can normally be reached on Mondays to Fridays 9:30 -6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Wei Zhen can be reached on 571-272-3708. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

/Anna Deng/ 
Examiner, Art Unit 2191 
7/29/2008 
/Wei Zhen/ 

Supervisory Patent Examiner, Art Unit 2191 



